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Abstract 

We discuss basic structural properties of finite black box groups. A special emphasis is made on 
the use of centralisers of involutions in probabilistic recognition of black box groups. In particular, 
we suggest an algorithm for finding the p-core of a black box group of odd characteristic. This special 
role of involutions suggest that the theory of black box groups reproduces, at a non-deterministic 
level, some important features of the classification of finite simple groups. 

2000 Mathematical Subject Classification: 20P05. 

1 What is a black box group? 

A black box group A is a device or an algorithm ( 'oracle ' or 'black box ') which produces (nearly) uniformly 
distributed independent random elements from some finite group A. These elements are encoded as 0- 
1 strings of uniform length; given strings representing x, y £ A, the black box can compute strings 
representing xy and x~ 1 , and decide whether x — y in time bounded from above by a constant. In this 
setting, one is usually interested in finding probabilistic algorithms which allow us to determine, with 
probability of error e, the isomorphism type of A in time 0(\e\ ■ (log |A|) C ). We say in this situation that 
our algorithm is run in Monte Carlo polynomial time. A critical discussion of this concept can be found 
in ||, while j?J contains a detailed survey of the subject. See also the forthcoming book by Seress J39[ . 

In this paper we discuss a (still rather rudimentary) structural approach to the theory of black box 
group. We briefly survey methods for constructing black box oracles for subgroups and factor groups of 
black box groups, and then show how one can construct black box oracles for centralisers of involutions. 
They are used in the algorithm for finding the p-coie of a black box group of characteristic p. 

Isomorphisms and homomorphisms of black box groups are understood as isomorphisms and homo- 
morphisms of their underlying groups. However we reserve the term black box subgroup for a subgroup 
of a black box group endowed with its own black box oracle. 

Despite this rather abstract general setting, practically important black box groups usually appear 
as big permutation or matrix groups. For example, given two square matrices x and y of size, say, 100 
by 100 over a finite field, it is unrealistic to list all elements in the group A generated by x and y and 
determine the isomorphism class of A by inspection. But this can often be done, with an arbitrarily small 
probability of error, by studying a sample of random products of the generators x and y. The explosive 
growth of the theory of black box groups in recent years is reflected in numerous publications (see, 
for example, the survey paper p9| on the computational matrix group project) and the fundamental 
work pq] ), and algorithms implemented in the software packages GAP |E| and MAGMA Jig] . Our 
observation (Section ||) that centralisers of involutions allow to compute unipotent radicals of black box 
groups of odd characteristic might be used in the computational matrix group project. 

This paper is written by a group theorist, not a probabilist. The author had the audacity to list some 
problems of probabilistic nature directly related to the computational aspects of the black box group 
theory. 



*The author was supported by the Royal Society and The Leverhulme Trust. 
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1.1 The order oracle 

Almost nothing can be said about a black box group without access to additional information. In some 
cases (for example, when our black box is given as a permutation group of computationally feasible 
degree) we have the so-called order oracle, that is, we can determine the orders of elements x G X. 
Of course, in a permutation group the order of an element can be easily read from its cycle structure. 
Another situation when we can determine the order of an element is when we are given a reasonably 
small superset 7r of prime integers dividing the order \X\ of X as well as reasonable bounds for \X\. 
Then we can make the list of all divisors d of \X\ and try all of them by checking whether x d — 1; the 
minimal such d is, of course, the order of x. In the case of matrix groups X ^ GL n {¥ q ) this means that 
we have to factorise \GL n (¥ q )\ into primes, which is as hard as the general factorisation problem fit]. 

However, there is a satisfactory, for the purpose of practical computation, way around the problem. 
Instead of the precise factorisation of |GL ra (F g )| one can use a substitute, the finest factorisation one 
can get: 

|GL„(F,)| = q n ^/ 2 (q-l)(q 2 -l)---(q n -l) 

= i? 1 -^ 

Now we can use the pseudo-order \x\~ of the element x instead of its exact order: 

\x\~ = the least number I — j'J 1 ■ • ■ r^ 1 such that x l = 1. 

Some of the constructions in the present paper can be carried out under a milder assumption that 
we know a global exponent, a number E such that x E can be easily computed (the standard square-and- 
multiply method requires about 21og 2 E multiplications) and x E = 1 for all x G X. 

1.2 Three types of problems 

Given a black box group X, we usually deal with one of the following problems. 

• Identification problem. Determine the isomorphism type of X with the given degree of certainty. 

• Verification problem. Is X isomorphic to the given group G? 

• Constructive recognition. Find an explicit isomorphism X — > G. 

From the probabilistic point of view, these three problems have different nature. In the identification 
problem, we have to be prepared that our algorithm might produce a false answer, although the prob- 
ability of this outcome can be made arbitrarily small by running the algorithm sufficiently many times. 
The algorithms for the verification problem are usually one-sided: for example, if we have found in X an 
element of order not present in G then we definitely know that X is not isomorphic to G. Constructive 
recognition algorithms are also of probabilistic nature and allow for some probability of failure. But 
once succeeded, they provide a proof of the isomorphism X ~ G. 

1.3 The use of involutions in recognition of black box groups: an elementary 
example 

The classical Miller- Rabin primality test (from computational number theory [3^| ; see also ps), Sec- 
tion V.l]) is based on the fact that an odd integer n is prime if and only if (Z/nZ)* is the cyclic group 
of order n — 1. The group X — (Z/nZ)* is a nicest possible black box: using standard random number 
generators, we can produce random uniformly distributed independent elements from X . Therefore we 
are in the setting of the verification problem: is X ~ Z„_i? We work on this assumption, in particular, 
we assume that X has a global exponent E = n — 1, and wish to detect structural differences between 
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X and 1 n -\. Notice that the group Z„„i contains exactly one involution (that is, an element of order 
2). On the other hand, if n — p 1 ^ ■ ■ -p l £ is the prime factorisation of n then 

(Z/nZ)* = (Z/p^Z)* x • • ■ x (Z/p^Z)* 

The Chinese Remainder Theorem allows us to lift the involutions -lmodp"' to involutions in (Z/nZ)*, 
thus showing that the involutions in (Z/nZ)* generate an elementary abelian subgroup of order 2 k . 

The key point of the story is that we can easily compute involutions in Z„_ 1; and this simple trick 
will be used later in this paper. Indeed, we can factorise n — 1 into a power of 2 and an odd factor: 
Ti — 1 = 2* 777, in odd. Obviously, at least half of the elements in Z„_i are of even order, so, with 
probability at least 1/2, x m is a non-trivial 2-element. The last non-identity element in the sequence of 
squares 

x m ,(x m ) 2 ,...,(x m f 

has order 2; we denote it i(x) and call the involution produced by x. For the sake of completeness of this 
definition, we set i(x) = 1 if x is of odd order (and thus i(x) — x m ). 

If (Z/nZ)* 9^ Z„_i, this procedure is likely to fail (that is, i(x) is not an involution), due to the fact 
that, for most integers 77, (x m ) 2 ' 7^ 1 mod 77 with probability at least 1/2. In the worst case scenario 
(when 77 is a so-called Carmichael number), the probability of producing ±1 can be shown to be less 
than ^ \- Hence we come to the following formulation of the Miller-Rabin primality test. 

REPEAT for random x <E (Z/77Z)*: 

• COMPUTE i(x). 

• if the computation of i(a;) fails or i(x) 7^ ±1, return 

77 is not prime 

• if i(x) = ±1 for I random values of x, RETURN 

77 is prime with probability of error ^ . 

We discuss later in the paper the use of involutions and centralisers of involutions in the analysis 
of black box groups, and the reader will be likely to agree that our approach can be viewed as a non- 
commutative version of the Miller-Rabin primality test. The role of involutions in identification of simple 
finite groups, black box or not, is not surprising to a finite group theorist, since this is the main tool of 
the classification of finite simple groups. But even in the very elementary, from the group-theoretic point 
of view, setting of the Miller-Rabin test, involutions are the keys to the structure of the group. Indeed, if 
we know an involution x 7^ —1 in (Z/77Z)*, then, since x 2 — 1 = mod 77, we have n \ (x — l)(x+ 1), and 
the calculation of gcd(?7, x — 1) and gcd(?7, x + 1) yields a non-trivial factor of 77. Hence the knowledge 
of involutions in (Z/77Z)* amounts to factorisation of 77 into prime numbers. This simple observation is 
of considerable practical value since it makes the basis of Simmons' attack on the repeated use of the 
modulus in the RSA encryption algorithm |l2] | . 

2 Black box groups of odd characteristic 

A black box group X is said to be of (known) characteristic p if it is isomorphic to a section in the 
matrix group GL n (¥ p k) and the order \GL n (¥ p k)\ is of computationally feasible size. Notice that this 
means, in particular, that we can take E = |GL„(F p fc)| for a global exponent for X. 

A detailed discussion of the following fundamental result can be found in Babai and Shalev |l(| . It 
summarises the work of § based on and [| ||. 
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Fact 2.1 Given a black box group X of known characteristic, the standard names of all non-abelian 
factors of X can be computed in Monte Carlo polynomial time. 

However, the determination of the p-core of X is an open problem. Recall that the p-core O p (X) is 
the maximal normal p-subgroup of X. 

Problem 2.2 Problem 10.2], |[o], Section 5]) Given a black box group X of characteristic p, can one 
decide whether O p (X) = 1 in polynomial time? 

The answer is not known even if O p (X) is known to be a minimal normal subgroup in X and X/O p (X) 
a simple group of Lie type in characteristic p. Moreover, as shown in JlO| ], the general problem can be 
reduced to this minimal configuration. 

However, in odd characteristic the question can be answered with the help of centralisers of involu- 
tions. Recall that a finite group G is quasisimple if G = G' and G/Z(G) is a simple group. A semisimple 
group G is a central product L\ ■ ■ ■ of quasisimple groups Li, called components of G. A reductive 
group G is a central product of a semisimple group and an abelian p'-group. This is, of course, a finite 
group theoretic version of the concept of reductive algebraic group. We say that a reductive group G is 
of characteristic p, if all components Li of G are quasisimple groups of Lie type. 

For a finite group H, O 2 (H) is the subg roup in H generated by all elements of odd order. 

The following theorem puts Problem |2.2| (with X/Op(X) simple group of Lie type and characteristic 
p) in an inductive setting. 

Theorem 2.3 Let X be a black box group of known odd characteristic p ^ 5. Assume that X = 
X/O p (X) is a reductive group of characteristic p. Then we can determine, in polynomial time, whether 
O p (X) ^ I, and, if O p (X) ^ 1, find a non-trivial element from O p {X). 

An analogous result, although much more technical, can be proven in characteristic p = 3; some care 
is needed in this special case because of the solvability of small groups like SL 2 (¥ 3 ). 
A similar result was announced by C. Parker and R. Wilson. 



The proof of Theorem 2J5 will be published elsewhere. Its main idea is to reduce the problem of 
detecting the non-trivial p-core Op(X) in X to the similar problem for the centraliser of an involution 
Cxit). Thus the algorithm is recursive. Fortunately, the properties of X are inherited by the consecutive 
centralisers of involutions (or, what is the same, by the centralisers of elementary abelian 2-subgroups) 
because of the following well-known result on centralisers of abelian subgroups of semisimple elements 

s 

Fact 2.4 Let X be a reductive group of characteristic p > 5 and A < X an elementary abelian 1-group. 
Set Y = Cx{A). Then Y contains a reductive normal subgroup Y° of characteristic p such that Y/Y° 
is an elementary abelian 2- group. 

Therefore wc need efficient methods of computation of centralisers of involutions and various normal 
subgroups in black box groups. Because of the probabilistic nature of the algorithm, it is vital to avoid 
the possible accumulation of errors. 

In this paper, we concentrate on discussion of various problems related to handling the centralisers 
of involutions in black box groups. 



3 Subgroups of black box groups 

A problem which we immediately encounter when dealing with black box groups is how to construct a 
good black box for the subgroup generated by given elements. For example, given a group generated by 
a collection of matrices, 

X^GL N (¥ q ), X = (xi,...,x k ), 

how can we produce (almost) uniformly distributed independent random elements from XI The com- 
monly used solution is the product replacement algorithm |l7| . 



A. V. Borovik • Centralisers of Involutions in Black Box Groups • 21.10.01 



•5 



3.1 The Product Replacement Algorithm 

Denote by Tk(X) the graph whose vertices are generating fc-tuples of elements in X and edges are given 
by the following transformations: 

{x\ , . . . , X{ , . . . , Xfc ) ► {x\ , . . . , Xj Xi , . . . , Xfc ) 

{x\ j . . . , . . . , Xfc ) ► (j^l ; • • • ) ; • • • ) *£/c ) 

The recipe for production of random elements from X is deceptively simple: walk randomly over this 
graph and select random components Xi . The detailed discussion of theoretical aspects of this algorithm 
can be found in Igor Pak's survey |36). Pak |37j has also shown that, if k is sufficiently big, the mixing 
time for a random walk on T^iX) is polynomial in k and log|X|. Here, the mixing time i m i x for a 
random walk on a graph T is the minimal number of steps such that after these steps 



2 ^ 



P(get at v) - — 



1 

< -. 

e 



At the intuitive level, this means that the distribution of the end points of random walks on T is 
sufficiently close to the uniform distribution. 

The graph Tk(X) is still a very mysterious object. Notice, in particular, that, in general, it is not 
connected. The following very natural question is still open. 

Conjecture 3.1 If G is a finite simple group, the graph Tk(G) is connected for k ^ 3. 

However, Pak (35) found a sufficiently good approximation to the connectivity of r^(G): if { Gi \ 
i = 1,2,...} is a sequence of simple group of increasing order then one of the connected components of 
Pfe(Gi) is asymptotically of the same size as Tk(Gi). 

A remarkable observation by Lubotzky and Pak gives a conceptual explanation of the good properties 
of the product replacement algorithm. 

Fact 3.2 (Lubotzky and Pak |32| ]) // Aut-Fi- satisfies the Kazhdan property (T), then mixing time t ln - lx 
of a random walk on a component of Tk(G) is bounded as 

imix < C(k) ■ log 2 \G\. 

Thus the issue is reduced to the long standing conjecture: 

Conjecture 3.3 For k ^ 4, AutFfc satisfies the Kazhdan property (T). 

Following p^ , we say that a topological group G satisfies the Kazhdan (T)-property if, for some 
compact set Q C G, 

X = infmfmax l|p(g) ,^-" 11 > 0, 
P v=£0 qeQ \\v\\ 

where p runs over all unitary representations of G without fixed non-zero vectors. In our context, Aut Fk 
is endowed with the discrete topology. 

4 Normal subgroups 

Given elements yi, - ■ ■ ,yk of a black box group X, how one can construct a good black box for the 
normal closure 
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One possibility is to run a random walk on the Cayley graph for Y with respect to the union of the 
conjugacy classes S = U • • • U j/? as the generating set for Y. If we know that Y is a simple group 
then a result of Liebeck and Shalev j3l], Corollary 1.12] asserts that, for a finite simple group G and a 
normal subset S C G, the diameter on the Cayley graph C(G, S) is at most clog |G|/ log \S\. It might be 
seen that this result extends to extensions of Lie type groups by diagonal automorphism and becomes 



applicable under conclusions of Fact 2.4 (Shalev, a private communication). It follows from the result 
by Diaconis and Saloff-Coste on the mixing time of a random walk on an edge-transitive graph p0| that 
the mixing time of the random walk on C(G, S) is at most clog 3 |G|/ log 2 \S\. 

However, we wish to discuss a modification of a product replacement algorithm whose practical 
performance as a black box oracle for normal subgroups seems to be better than a random walk on 
C(Y,y? U-.-Uj/j*). 

4.1 Andrews— Curtis graph and the Andrews-Curtis Algorithm 

If G is a group (not necessary finite) and N < G, define the Andrews-Curtis graph A k (G, N) as the 
graph whose vertices are fc-tuples of elements in N which generate TV as a normal subgroup: 

A k (G,N) = {(h u ...,h k ) | (h?,...,h%)=N}. 

Of course, if the group N is simple then the vertices of A k (G, N) are all fc-tuples in N k \ {(1, . . . , 1)}. 
Two vertices are connected by an edge if one of them is obtained from another by one of the moves 



(x 1; . 


■,x k ) - 


-> (x x ,. 


xx* 1 


Xk), i + j 


Oi, ■ 


■ ,x k ) - 


-> (xi,. 


■ • 1 • ij j ) * * * 


Xk), i ^ J 


(x 1; . 


■,x k ) - 


-> (xi,. 


■ • 3 &i {Xj ) , 


■ ■ -,x k ), i^j, w EG 




■,x k ) - 


-> (xi,. 


■ ■ 7 ) i 


■ ■ -,x k ). 



Notice that the moves are invertible and thus give rise to a non-oriented graph. 

Conjecture 4.1 A random walk on the Andrews-Curtis graph A k (G,N) provides a 'good' black box for 

N. 

In practice, a modification of the process, when the last changed component of the generating tuple 
(say, XiX^ 1 ) is multiplied into the cumulative product x, appears to be more effective: 

• INITIALISE x := 1. 

• REPEAT 

o Select random i ^ j in { 1 , . . . , fc } . 



_ ,...„±i ±i 

* produce random w £ G and replace 



With equal probabilities, replace Xi :— x^x- or ij := x- Xj, or 



Xi . Xi(Xj ) Or Xi . — (x „• ) Xi. 



3 

o Multiply Xi into x: 
• Use x as the running output of a black box for N. 



Using results on Markov chains, Leedham-Green and O'Brien [Q had shown that the distribution of 
values of the cumulative product A converges exponentially to the uniform distribution on N. However, 
the issue of explicit estimates is open and represents a formidable problem. 

A discussion of some related computer experiments can be found in O] and H] . 
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4.2 The Andrews-Curtis Problem 

Virtually nothing is known about the properties of the Andrews-Curtis graph for the free and relatively 
free groups. This is one of the few positive results: 

Fact 4.2 (A. G. Myasnikov f33j) For the free solvable group Fn" 1 ^ of class m and all k n, the 
Andrews-Curtis graph A k (Fr^ , F^" 1 ^) is connected. 

However, the landscape is dominated by the Andrews-Curtis Problem (1965): 

Problem 4.3 (Andrews and Curtis M) Is it true that, for k ^ 2, the Andrews-Curtis graph Ak(Fk,Fk) 
is connected? 

There is an extensive literature on the subject, see for example, g @ ||§. Some potential coun- 
terexamples (originating in topology) are killed by application of genetic algorithms j34J ]. For example, 
contrary to the suggestion made by Akbulut and Kirbi Q| in 1985, the pairs (x 2 y~ 3 , xyxy~~ 1 x~~ 1 y~ 1 ) and 
(x, y) of elements in the 2-generator free group F 2 — (x, y) belong to the same connected component of 
A 2 (F 2 ,F 2 ). 

The work |l4|] suggests a possible line of attack at this problem based on the study of the connected 
components of the Andrews-Curtis graphs (G, G) for finite groups G. 

5 Factor groups 

Assume that we are given a black box group X and its normal black box subgroup Y. The computations 
in the factor group X/Y require testing when two elements u and v in X are equal in the factor group 
X/Y, which is equivalent to the membership problem for Y: 

Check, in polynomial time of log \X\, whether uv^ 1 G Y. 

If Y is simple and we have an order oracle for X, then the following simple and beautiful algorithm 
due to Leedham-Green resolves the membership problem in polynomial time. 

INPUT: an element u e X. 

• FOR sufficiently many random y\ , . . . , y\, G Y compute 

D := gcd(o(ttyi), . . . , o{uy k )). 

• IF D = 1 RETURN U € Y 

else return "probably u £ Y" . 

This is a one-sided algorithm: if D = 1 then u definitely belongs to Y for otherwise D is divisible 
by the order of the element u in the factor group X/Y. On the other hand, orders of sufficiently many 
random elements of a simple group are likely to have no non-trivial divisors in common ||. See fic| , 
Section 4.4] for a detailed discussion. 

6 Centralisers of involutions 

It is well known that if u and v are involutions in a finite group, then the group (x,y) is a dihedral 
group; indeed, 

(uv) u — u^ 1 ■ uv ■ u = vu = (uw) _1 

and similarly (uv) v = (uv) -1 . Hence u and v invert every element in the cyclic group (uv). If the 
element uv is of even order then u and v invert the involution \(uv ) S (uv) and centralise it. If, however, 
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the element uv has odd order then, by the Sylow Theorem, the involutions u and v are conjugate by an 
element from (uv). 

This simple observation, due to Richard Brauer, was the starting point of his programme of clas- 
sification of finite simple groups in terms of centralisers of involutions. Remarkably, in the context of 
black box groups it can be developed into an efficient algorithm for constructing black boxes for the 
centralisers of involutions. 

Let X be an arbitrary black box finite group and assume that x E = 1 for all elements x G X. Write 
E = 2* • r with r odd. Let x be a random element in X. Notice that 

• if x is of odd order, then x r — 1 and y = x^ r+1 ^ 2 is a square root of x: 

y 2 = x (r+1)/2 • x {r+1)/2 = x r+1 = x; 



• if x is of even order then x r is a 2-element and the consecutive squaring of x r produces the 
involution i(x) from the cyclic group (x). 

Furthermore, the elements y = \fx and i(a;) can be found by 0(\ogE) multiplications. 

Let now i be an involution in X. Construct a random element x of X and consider z — ii x . 

• If z is of odd order and y = y/z then 

i y = y~ 1 iy = iyy = iz = i ■ ii x = i x 
and yx^ 1 G Cx{i)- We write yx^ 1 — d(x). 

• if z is of even order then i(z) lies in the center of the dihedral group (i,i x ) and thus i(z) G Cx(i)- 
We write i(z) = (o(%)- 

Notice that (i(x) can be computed without knowing the order o(x) of x. One can test whether an 
element has odd order by raising it to the odd part r of E, and if o(x) is odd then x^ r+1 ^ 2 = x^°^ +1 ^ 2 . 

Thus we have a map Q = (i U ^ defined by 

(:X — » C x (i) 

^ f d(x) = (ii^+V/ 2 ■ x- 1 if o(ii x ) is odd 
\ (o(x) = i(ii x ) if o(ii x ) is even. 

If c e G x (i) then 

Co(xc) = i(i • i xc ) = i(i c ■ i xc ) = ■ i x ) c ) = i{ii x y 

= Co(x) c , 

Ci(ec) = {u cx ) {r+1)/2 ■ x- 1 ^ 1 = (u x Y r + i y 2 ■ x- x c- x 
= Ci(x)-c-\ 

Hence if the elements x G X are uniformly distributed and independent in X then 

• the distribution of elements (i(x) in Cx(i) is invariant under right multiplication by elements 
c G Cx(i), that is, if A C Cx(i) and c G Cx{i) is an arbitrary element then the probabilities 
P(Ci(x) G A) and P((i(x) G Ac) coincide. 

• The distribution of involutions (o{%) is invariant under the action of Cx{i) on itself by conjugation, 
that is, 

P(Ci( 2; )GA) = P(Ci(x)GA c ). 
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6.1 Running the odd type oracle 

Therefore we came to the following simple but important result. 

Theorem 6.1 If the elements x £ X are uniformly distributed and independent in X then the elements 
Ql{x) are uniformly distributed and independent in C x (i). 

This gives us a good black box for C x (i); we shall call it the black box of odd type or odd type oracle. 

It might happen, however, that the share of elements x £ X for which the function Ci( x ) ls defined 
is too small to use d as an efficient way to generate elements in C x (i). For example, in the group 
Y = PSL2(¥ q ), when q = p k is a big power of an odd prime integer p, almost every element is semisimplc 
and thus belongs to a cyclic group of order (q ± l)/2; one of these two subgroups has even order and 
at least 1/2 of its elements are also of odd order. This shows that between 1/4 and 1/2 elements in Y 
are of even order. All involutions in Y are conjugate. It is easy to see that the product of two random 
involutions in Y has even order with probability between 1/4 and 1/2. When we work in the direct 
product X = Y x ■ • • x Y (k times), we have to make these computations componentwise, which leads 
to the unfortunate conclusion that, in the worst case scenario, the probability of the product of two 
conjugate involutions to be of odd order could be close to l/2 fe . 

If X is a simple group of Lie type of odd characteristic, then we have the following crude estimate. 

Theorem 6.2 Let G be a simple group of Lie type of odd characteristic and He rank n. If i is an 
arbitrary involution in X then the product i ■ i g has odd order with probability c/n d for some constants 
c and d. 

This can be deduced from the Galois cohomology of reflexive tori in simple algebraic groups G, that is, 
tori T such that t % = t^ 1 for some involution i £ Nq(T) and all t £ T. This theory is developed in || 
by analogy with the classical theory of tori in semisimple algebraic groups over finite fields [fl0[ . 

The situation is better in simple groups of Lie type over big finite fields of characteristic 2, where 
almost all elements are semisimple and thus have odd order. In this context, a product of an involution 
and its conjugate almost always has odd order, and the odd type oracle works with the maximal possible 
efficiency. 

Of course, when we deal with the verification of a possible isomorphism between a black box group 
X and the known target group G, we can try to locate in X an involution i which, in the case of 
isomorphism X ~ G, should behave like an involution j from a conjugacy class in G where the share of 
elements g G G with o(jj 9 ) odd is sufficiently big; then we can run the odd type black box in the hope 
to eventually get a contradiction with the isomorphism X ~ G. Examples of this type of computation 
can be found in [lj| and are used in our proof of Theorem 2.3. The classical involutions in simple 



groups X of Lie type of characteristic p > 3 are particularly useful. Recall that a classical involution 
t has the property that C x [t) contains a subnormal subgroup L ~ SL2 (F p *) such that t € Z(L). For 
example, in X = SL n {¥ p k) a classical involution is an involution with exactly 2 or n — 2 eigenvalues —1. 
Classical involutions played the very prominent role in the classification of finite simple groups and 
their reappearance in the theory of black box groups is not really surprising. 



6.2 The oracle of even type 

If the function Ci(x) is rarely defined then the function (o(x) is defined for almost all x £ X and produces 
a normal set of involutions with probability distribution invariant under conjugation by C x (i). Hence 
C x (i) = (Co (x) I x £ X) is a normal subgroup in C x {i). It seems reasonable to take the cumulative 
product z := zCo(x) of consecutive values of Co(x) for the output of a black box for C x (i). We shall call 
it the oracle of even type. 

The values of the function Co belong to the union of conjugacy classes 

S = sf x{l) U---Us° x{i) 
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with the probability distribution invariant under the conjugation by elements from Cx(i)- In the case 
when X is a reductive group of characteristic p > 2, the analysis similar to that of Section ^ shows that 
the mixing time i m i x of the corresponding random walk on C(C x (i), S) is bounded by 



< c max ■ 



log 3 


c° x (i) 


log 2 


°i 



6.3 Centraliser of a transposition in a symmetric group 

In one case, namely, when X = Sym n , 2 and i = (12), the detailed analysis of the even type oracle is 
already contained in Diaconis and Shahshahani plj . Indeed, it is easy to see that Cx[i) — Z 2 x Sym n . 
Random products ii x are either elements of order 1 or 3 (which happens with probability 0(l/n) when 
P S {1,2} or 2 X e {1,2}) or one of the ( 2 ) involutions (o(x) = (12)(st). Hence the involutions (o(x) 
generate a subgroup C° of index 2 in Cx(i)- It is easy to see that C° is isomorphic to the symmetric 
group Sym n . We see that the even type oracle Co works with sufficient speed. As for the distribution 
of the images of the cumulative product z :— z ■ (o(x) in the factor group C° ~ Sym n , we can use an 
estimate from |2~i[| regarding generation of Sym„ by random transpositions: 



Fact 6.3 (Diaconis and Shahshahani 21 ) If k = \ ■ nlogn + cn, c > 0, and P* k is the distribution of 



the random product of k transpositions then 

\\P* k -U\\ ^ae~ 2c 

for an universal constant a. Here U is the uniform distribution on Sym n and the norm \\\\ is defined as 

ll^* fc -^ll = ^ E |^* fc (.9)-^G?)|. 

gSSym„ 

This means that we have to skip first ^ • nlogn values of the cumulative product z, and after that we 
can expect that the cumulative product quickly converges to the uniform distribution on C. Further 
results in |^lj show that the threshold estimate ^ • n log n cannot be improved. 

6.4 The mixed type oracle 

Some computer experiments suggest that the cumulative product 

z ' Co{ x ) if o(ii x ) is even 
z ■ d(x) if o(ii x ) is odd 

has a satisfactory performance as a black box for CcX(i). We shall call it the mixed type oracle. 



7 Improving black boxes by cumulative product 

It is obvious that the probability distributions of the outputs of black boxes as they appear in practical 
computations might considerably deviate from the uniform distribution. Independence of consecutive 
values of the output is also questionable (it is the case, for example, with the product replacement 
algorithm). For that reason methods of improving the statistical properties of the output are highly 
desirable — of course, if they are computationally efficient. 

Assume that the output { x\, X2, • ■ ■ } of our black box X is independent and has the probability 
distribution P — {p(x)}. Then the cumulative product the random walk on the group X 

generated by the probabilistic distribution P, that is, a random walk in which we move from the element 
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x to xy with probability p(y). The probability distribution after k steps of the random walk is the A:-th 
convolution p*^- 1 ) of P. Here the convolutions are defined as 

(p * Q){ x ) = P{xy~ x )Q{v)> P* k = p * p* {k - l) . 

vex 



7.1 Centralisers of involutions 



When the distribution P is invariant under conjugation by elements of X (as it happens in generation of 
centralisers of involutions), it appears that the methods based on the non-commutative Fourier transform 
|l9f are useful for the estimating the rate of convergence of P*W to the uniform distribution on X. In 
particular, under these conditions the Upper Bound Lemma by Diaconis and Shahshahani |2l|| takes the 
following form: 



|| P *(fc) _ [/|| 



x(i) 5 



X(x) 



x(i) 



2k\ 



where the first sum is taken over the non-trivial irreducible characters of G and the second over repre- 
sentatives of conjugacy classes of X. This is how Diaconis and Shahshahani obtained their bounds for 
the generating of Sym„ by random transvection [ pl| used in Section 3.3 in the analysis of generation of 
the centraliser of a transposition. 

It would be interesting to get some numerical data related to generation of centralisers of involutions. 
The first step of this problem seems to be relatively easy. 

Question 7.1 For an involution i in a finite simple group X of Lie type of odd characteristic, compute the 
probability distribution P(z) of the values of the function (o : X — > C^-(z). 

However, obtaining explicit estimates in the Upper Bound Lemma requires a detailed knowledge of 
characters of the group C^-(i). It would be interesting to complete the analysis at least in some number 
of 'small' cases. 



7.2 The Andrews-Curtis algorithm 

Notice that if we slightly modify the Andrews-Curtis algorithm and conjugate the both elements involved 
in multiplication, 

Xi := xKx^ 1 or Xl := (x^x?, i ? .] 

where u and v are random elements of X, then the distribution of the output of the new algorithm 
becomes invariant under the action of X by conjugation. Assume that Y is simple. If wc make the 
assumption that the consecutive values of the output are independent (which is sufficiently close to the 
truth when the size k of generating fc-tuples is sufficiently big), the combination of results of Liebeck 
and Shalev (see Section |4|) with the results of Diaconis and Saloff-Coste |2(J gives a cubic (in log | G|) 
estimate for the mixing time of the cumulative product. The experimental data shows a much better 
performance of the Andrews-Curtis algorithm. It would be very interesting to carry out the rigorous 
analysis of the behaviour of the cumulative product in the Andrews-Curtis algorithm. 



7.3 The product replacement algorithm 

As it was demonstrated by Leedham-Green et al. [[ll], [50|, the practical performance of the product re- 
placement algorithm can be improved if we multiply its consecutive outputs z±,Z2,... into the cumulative 
product z :— z ■ Zi, and take the consecutive values of z for the output of a new black box. We noticed 
that the cumulative product gave a similar improvement in the black box algorithm for centralisers of 
involutions. It would be interesting to formulate and prove results which confirm or at least provide a 
heuristic justification of these empirical observations. 
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